In accordance with the current network infrastructure, an access point (AP) is adapted to receive and subsequently process a series of wireless data frames from other network devices, such as client devices. In supporting intrusion detection, the AP is configured to analyze each incoming data frame to determine if that data frame is associated with suspicious activity, such as a network attack that is targeted to degrade communications between the AP and its wirelessly associated client devices. Based on this analysis, upon determining that an incoming data frame may be part of a suspected attack, the AP transmits a warning message to a centralized controller to indicate that an attack may be in progress.
In response to receipt of the warning message, the controller may, without further analysis, issue an alert to the network administrator. Where the access point, normally with limited processing capabilities due to cost constraints, makes an error by falsely detecting a network attack, no intrusion detection verification is conducted to avoid erroneously issuing alerts. This is problematic because, upon continuous receipt of erroneous alerts over time, the network administrator may become desensitized to the importance of each alert, which jeopardizes the overall health of the network.
In accordance with the current intrusion detection scheme, to suppress repeated alerts that may occur for a suspected attack involving a series of consecutive data frames, current APs may perform a time-out operation in which the AP halts the transmission of alerts associated with the suspected attack for a predetermined duration. While this technique suppresses repeated alerts for the same attack, it also reduces the security of the network for that predetermined duration.
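The trade-off of the time-out operation described above can be seen on a small timeline. The following is an added example, not part of the original text: the `Frame` type, the `sig-A` label, the per-signature hold-down, the 5-second burst gap and the sample timestamps are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    t: float         # arrival time in seconds (constructed)
    signature: str   # detection rule the AP matched (constructed label)

def timeout_suppress(frames, hold_down):
    """After one alert for a signature, stay silent for hold_down seconds."""
    silent_until, sent, suppressed = {}, [], []
    for f in sorted(frames, key=lambda f: f.t):
        if f.t < silent_until.get(f.signature, float("-inf")):
            suppressed.append(f)          # inside the time-out window
        else:
            sent.append(f)                # warning goes to the controller
            silent_until[f.signature] = f.t + hold_down
    return sent, suppressed

def split_bursts(frames, gap):
    """Group frames of one signature into bursts separated by more than gap."""
    bursts, current = [], {}
    for f in sorted(frames, key=lambda f: f.t):
        cur = current.get(f.signature)
        if cur is not None and f.t - cur[-1].t <= gap:
            cur.append(f)
        else:
            cur = [f]
            bursts.append(cur)
            current[f.signature] = cur
    return bursts

def unreported_bursts(frames, hold_down, gap):
    """Bursts for which the AP sent no warning at all."""
    alerted = set(timeout_suppress(frames, hold_down)[0])
    return [b for b in split_bursts(frames, gap)
            if not any(f in alerted for f in b)]

# Constructed sample: three bursts of the same suspicious frame type.
SAMPLE = [Frame(t, "sig-A") for t in
          (0.0, 0.5, 1.0, 1.5, 40.0, 40.5, 41.0, 90.0, 90.5)]

if __name__ == "__main__":
    for hold in (0.0, 60.0):
        sent, suppressed = timeout_suppress(SAMPLE, hold)
        missed = unreported_bursts(SAMPLE, hold, gap=5.0)
        print(f"hold_down={hold:>4}s alerts={len(sent)} "
              f"suppressed={len(suppressed)} unreported_bursts={len(missed)}")
```

With no time-out every frame produces a warning; with a 60-second time-out the warnings drop to two, but the burst starting at 40 seconds is never reported.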
In the near future, a new wireless communication standard will be released, namely the Institute of Electrical and Electronics Engineers (IEEE) 802.11ac Standard. As a result, to comply with the IEEE 802.11ac Standard, network equipment manufacturers will need to develop products that support even faster access in an enterprise network environment. Hence, the management of data processing consumption will be extremely important, and thus, more accurate intrusion detection, which requires a greater amount of data processing by the AP, will not be a viable option unless changes are made to the intrusion detection scheme that do not require increased processing by the AP.